Should Chrome start supporting the `ALLOW-FROM` value for `X-Frame-Options`?
-
-
Replying to @mikewest
Yes. But only if you can get Firefox to support location.ancestorOrigins as well.
1 reply 0 retweets 0 likes -
Replying to @cramforce
: Amounts to the same thing, right? Though I recall either
@annevk or@bz_moz being concerned about that attribute's leakage.1 reply 0 retweets 0 likes -
That was me, yes. Not happy about allowing pages to detect that someone in particular is framing them.
2 replies 0 retweets 0 likes -
Replying to @really_bz
: `frame-ancestors` (and `ALLOW-FROM` to a much more limited degree) already expose this to brute-forcing.
@cramforce@annevk1 reply 0 retweets 0 likes
Mmm. I consider that a bug in the design of frame-ancestors. But also, brute-forcing is expensive.
8:19 AM - 12 Sep 2016
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.